Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-34180 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status

Description

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794

Related Vulnerabilities

CVE-2022-34198 Vulnerability in maven package org.jenkins-ci.plugins:stashbranchparameter

CVE-2019-10372 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth

CVE-2021-39236 Vulnerability in maven package org.apache.ozone:ozone-main

CVE-2023-29198 Vulnerability in npm package electron

CVE-2023-22946 Vulnerability in maven package org.apache.spark:spark-core_2.12

Severity

High

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory